Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

wiredmikey writes "A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting denial of service attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet software. Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated denial of service attacks on web servers hosting the sites of political commentators, including Bill O'Reilly, Rudy Giuliani, Ann Coulter, and others."

That's two and a half years. Yes, he deserves to be punished, but it strikes me that he's not the one acting like a thug here, and I don't give a damn whether he's a rabid lefty, righty, or indy. If I heard that someone had gotten two and half years for taking down Reid'a, Pelosi's, and Michael Moore's sites, I still boggle in disbelief that someone got two and a half years.

127 plus 80 who were given suspended sentences! I'm sure you don't need a citation because electoral fraud is so common place and all criminals are asked their political alligiences meaning that these stats are so easy to come across! How many left wingers have gone to jail for voter caging? Or voter intimidation? Talk about a double standard!

So let me make this clear, you're not only outraged at this because you share the perpetrator's political views? You would be equally as outraged if the person jailed was a die hard republican? You would never exhibit such double standards as you would accuse other people of right?

Yeah, those Black Panthers with clubs in front of the polling building were certainly right-wingers. The only double standard is that if a white cop arrested them for intimidating voters he'd be called the racist.

You can get less time for killing someone, depending on the circumstances. I seem to remember a police officer who shot a suspect in the back getting 2 years in prison. I don't recall whether he was convicted of murder or manslaughter or what, but still, that's less time for a DDoS against a few pundits.

In true/. tradition, I didn't read the article. I find your insertion of any semblance of logic and/or facts into this thread in violation of said tradition. I hereby sentence you to 30 months of prison.

Never trust claimed damage figures. It's very hard to actually break any hardware or even destroy data through a DDoS attack - bordering on impossible. The major expense is in lost productivity: The number of customers who would have made a purchase, but found the site down so went to a competitor. That's a very hard thing to measure. The legal system also gives a strong incentive for victims to find a way to raise the damage claims in order to secure police action, harsher sentencing, insurance money, etc.

Two and a half years doesn't sound too outrageous for me, depending on how he DDOSed them. That usually means wide-scale computer intrusion, which is a pretty massive crime. The "distributed" in DDOS means that you're going away for a while. He committed them over a pretty long stretch of time, so it's not like he said "oops I shouldn't have done that"...plus it means he'd kept control of hacked computers for a pretty darn long time. Not cool.

That's two and a half years. Yes, he deserves to be punished, but it strikes me that he's not the one acting like a thug here, and I don't give a damn whether he's a rabid lefty, righty, or indy. If I heard that someone had gotten two and half years for taking down Reid'a, Pelosi's, and Michael Moore's sites, I still boggle in disbelief that someone got two and a half years.

Seriously. Damn!

Independent of any damage that was or was not done, there are two big factors that work against him on that.

One, he chose some high-profile targets. It's not precisely a secret that this gets the attention of authorities and that the legal system works a bit harder for such victims. The authorities were all over this one in a way they probably wouldn't have been if the same thing happened to you or me. It's not exactly comforting to think that this would be the case, but denial would be the only reaso

People fear hackers. The point isn't to compensate Reid, or Pelosi, or Ann Coulter, it's to stop people from doing this kind of thing. Based on your reaction, if every hacker reacted the way you are, then it's working. Certainly I would not be willing to do a DDOS of some site. No reasonable person would risk that kind of sentence for what is essentially a prank.

Let's be honest here, this wasn't some guy who for lulz ran an exploit he found on a website. The guy went to the effort to build up a botnet and use it. He was working on this maliciousness for a long time. Two and a half years doesn't really sound that long, to me.

Burglary is 5, 10, or 15 years in Florida. The maximum sentence for robbery is life, at least in the UK. So what? I am interested in what a good sentence is for a malicious DDOS attack, not whether other parts of the law are good or bad.

As far as I can tell, a two year sentence is definitely putting fear into the hearts of people on this website, so goal accomplished.

I'm curious as to what sort of sentence you would get for cutting off someone's power or whatever comm line they use (be it coaxial, fiber, telephone, etc.). If I cut your server's link to the web, would I get off easier than attempting to saturate that link?

Cutting a phone line doesn't involve hijacking thousands of systems without permission. You probably would get off easier but not by much. Intimidation + trespassing + criminal damage could easily give you a couple of years. Heck they could even add in a terrorism charge.

I'm curious as to what sort of sentence you would get for cutting off someone's power or whatever comm line they use (be it coaxial, fiber, telephone, etc.). If I cut your server's link to the web, would I get off easier than attempting to saturate that link?

It's not quite the same as severing a phone line verses saturating a link. It's more like hijacking thousands of other people's phones and programming them to constantly dial and redial someone's phone number so they can never pick up and get a dialtone....and it would really suck if they were having a heart attack and needed to call 911...

I think you should be put in jail for that highly offensive comment that you just made! It is clearly my constitutional right to not be offended and be exposed to such vulgar content that goes against my beliefs!

Seriously, how is thirty months about right? For DDoSing even a large amount of websites, that's ridiculous.

Tally up the financial losses that he inflicted on the attacked sites, their providers, the providers in-between and the computers that he pwned to carry out the attacks. It will likely be in the tens of thousands of dollars. Now look at what you would be sentenced to for causing that much damage through a more conventional crime, such as vandalism or theft. I suspect you'll find that the punishment is very similar.

Yes, actually it is worth a 30 month stay in jail. RTFA. He inflicted tens of thousands of dollars worth of economic losses on the entities that he attacked. When you do that you go to jail. It's simple really.

As another lefty, I agree in principle - some people are really assholes (Coulter would qualify for sure), but that doesn't mean that they do not have the right to demonstrate that to the world through unimpeded speech. Those who do not enjoy it have the freedom to not listen.

That said, I wonder about the length of sentence. 30 months sounds way too much to me for this kind of crime. In fact, any prison term sounds harsh - unless I'm missing something about what he did, it looks like the kind of thing that is best punished by a hefty fine and some community service.

It would be interesting to find any references to other similar cases (preferably not political so that the comparison doesn't devolve into fighting alongside the party lines).

Still, 30 months for any DDoS - no matter the motive - sounds harsh to me, unless it's something that resulted in significant damages (e.g. taking down a high-volume payment processing site, or a hospital record system, or something like that).

1: The person(s) whose site was taken down. This can have a massive financial implication from both the lost patronage and the costs to get the servers up and running.
2: The people's whose systems were hijacked. This could be hundreds to hundreds of thousands of systems, all being used without permission and for a criminal act. Their service suffers, their ISP suffers too.
3: Society as a whole. Performing criminal acts of people purely because of their political view

There is a great irony here in that Coulter has in the past used her freedom of speech to advocate charging anyone who speaks negatively of the war in Afganistan with 'providing aid and comfort to the enemy' and locking them in prison. She uses her freedom of speech to call for attacks on that very freedom... and, unless she wins, has every right to do so.

If the punishment were easy, parties on both sides
wouldn't hesistate to use this tactic on a regular basis.
They'd spend a night in jail, pick up some trash by the side
of the highway, and then return to party HQ with a pat on the back
and a hearty, "congratulations, you took your first pinch like a man".
Thirty months in the pokey helps take that option away, although some
hardcore operatives might still do it. In cases where the organization
routinely funded it, you'd bring in RICO laws of course. It m

Indeed. Usually folks like him try to accomplish the same thing by calling it "hate speech" or the old standby "racism" and seeking to have it censored. Remember how many people have been called "racist" for disagreeing with Obama's politics? Regarding censorship, it's pretty hard to get the government to do that in the USA, so instead they put pressure on the sponsors of a site or of a broadcast to try and make that happen. That's still underhanded as hell but perhaps not quite thuggish.

Of course if folks like him want to really show how non-thug they are, they could always explain why their viewpoint is superior using old antiquated things like facts and reasoning. That's something thugs and criminals are not known for doing.

That's seriously warped. Yes, what he did was wrong, but it's not like he permanently shut down the Internet.

30 months? Two and a half years? Damn, he should have just raped someone instead, he probably would have gotten less time and had a lot more fun in the process. I swear, I'm going to start voting against any politician that runs on being "tough on crime." It seems plenty tough enough as it is.

Two and a half years of someone's life, that's the price we demand now for some minor inconvenience? Damn, if I were his lawyer, I'd be tempted to appeal that for violation of the Eighth Amendment.

Yeah. I saw guys in the feds who were doing 20 years because someone else committed a crime and they knew about it. I know a limo driver now at Elkton who picked up a fare at JFK, the DEA pulled them over and found the fare's bags stuffed with cocaine and meth. The driver knew nothing about it, denied all knowledge, and went to trial with a public defender. He got 37 years and lost his appeal, and does not have the money for collateral attack. Did you know that after one appeal, you must now use civil remedies, like 28USC 2241 and 2255, and you are NOT entitled to counsel for them?

I did five years for what most would call, at best, a silly prank that hurt no one and caused neither property or financial loss.

droopus has been commenting on his prison sentence for some time. He won't fess up to exactly what he did but from previous posts it appears he blew up some federal property with explosives. Whatever the case there is one thing you can count on, he will not tell you the whole story.

I know a limo driver now at Elkton who picked up a fare at JFK, the DEA pulled them over and found the fare's bags stuffed with cocaine and meth. The driver knew nothing about it, denied all knowledge, and went to trial with a public defender. He got 37 years and lost his appeal, and does not have the money for collateral attack.

This one sounds a little bit hard to believe. Are you sure you were told *both* sides of the case?

Lengthy prison sentences are a product of, not only politicians and the War on Crime, but corporate ownership of jails. There is a financial and electoral incentive for putting people in jail. The growth of the prison population has grown dramatically in the last 50 years as a result of the commercialization of the penal system.

In my opinion, sentencing someone who breaks into a jewelry store, breaks all the display glass cases and steals nothing for 30 months is idiotic. I would expect them to have to pay for all the damage, and get 2 months or community work as a warning. Especially with all the jails crowded as they are.

Our definitions of pranks must be different, a DDOS attack sounds as much like a prank as breaking into a jewelry shop and breaking all the glass display cases.

Sure, you may not have stolen anything, but it's hardly a prank.

If you would appreciate a different perspective, find some older (i.e. elderly) people and ask them about how police officers used to be.

In most places, the local cops acted more like neighbors. People knew who they were and it was okay to walk up to them and talk to them like any other human being doing any other job. They could lean on you really, really hard if you showed true maliciousness. Yet, most things that you'd call "childish pranks" were not dealt with so harshly.

That's seriously warped. Yes, what he did was wrong, but it's not like he permanently shut down the Internet.

30 months? Two and a half years?

Well... the American justice system is famous for draconian punishments. Is anybody surprised?

We gave up on trying to rehabilitate anyone a long time ago. Concidentally this happened right about when private prison contractors became a big business and used their money and influence to lobby for harsher mandatory minimum sentences. They especially like to do this for victimless crimes involving only consenting adults, such as drug offenses.

Nowadays we take nonviolent criminals, mostly drug offenders, and throw them in the same facilities as those that house robbers, rapists, and murderers so th

Meanwhile, Johannes Mehserle, a former BART police officer, shoots and kills an unarmed, restrained man while in custody in view of numerous eyewitnesses, and gets two years in prison minus time already served. Even if we take the defense's word on the matter and accept that it was completely accidental, does it really make sense to punish one person so much more severely for a crime that did not result in anyone's death?

Yes, I am well aware that in the US, those in positions of power--whether through political or financial means--are treated with leniency, and the unwashed masses suffer.

This isn't exactly off topic. The parent is comparing sentences of two acts of crime, one of which resulted in death. If that's offtopic in the comments for an article about one of said acts of crime, I really want to know the mod's idea of being on topic.

It's like the classic newspaper hit pieces of the type "Obama smiles whilst people lose their jobs!". Obama did indeed smile and whilst he did that some people probably lose their jobs at the same time but that doesn't mean the events are connected or that the headline isn't insanely unfair and stupid.

Every case is difference, different crimes have different levels of culpability even if the outcome is worse (otherwise you'd hand out life sentences to every driver who killed

Here's how it works. There are three classes of people in American society. The first class is the people who run the large institutions: the politicians in government, and the executives of corporations. The second class is the people who protect these institutions: police, lawyers, the media, etc. The third class is everyone else. To calculate a criminal sentence, just use the following formula:

If you kill someone of your own class, you might get 20 years in prison. But since the BART cop was in the second class, while Grant was in the third, this was dropped down to 2 years. Here, it's the reverse: the student targeted conservative pundits (second class) so instead of 3 months he gets 30.

Here's how it works. There are three classes of people in American society. The first class is the people who run the large institutions: the politicians in government, and the executives of corporations. The second class is the people who protect these institutions: police, lawyers, the media, etc. The third class is everyone else. To calculate a criminal sentence, just use the following formula:

If you kill someone of your own class, you might get 20 years in prison. But since the BART cop was in the second class, while Grant was in the third, this was dropped down to 2 years. Here, it's the reverse: the student targeted conservative pundits (second class) so instead of 3 months he gets 30.

Yes. A man who was already restrained and presented no threat was shot and killed.

The law should be asking one question: if a police officer has restrained a suspect and that suspect no longer presents any threat to the officer's safety, why was the officer's hand anywhere near his gun? Why was that gun not in its holster with the safety on? If that does not indicate intent to murder the suspect, then what would? Are we to believe that a trained police officer who is regularly evaluated on marksmanship does not understand the basic gun safety rules known to any redneck? At some point the whole idea that this was an "accident" loses all credibility. I find it much easier to believe that cops simply have an easier time getting away with murder.

Yes, and the assumption should be that a trained police officer understands basic firearm safety. Paperwork showing at least a single session at the shooting range should be the only proof required to demonstrate that. They want the power, let them have the responsibility that goes with it. Those are two things that should never be separated for any reason.

Furthermore, when any government official in a position of power commits a crime that has a victim, they should receive triple the sentence a regul

Perhaps he didn't intend to kill, but he did deliberately make some spectacularly bad decisions that led to the loss of life, and he, as a police officer no less, knew damn well that making the decision to "shoot someone" is likely to cause serious or even lethal injury.

Freedom is speech is for all Americans - not just for the ones I or you agree with. Unfortunately, many sanctimonious politicians and college students don't believe in that as displayed by this student. Akron U is just down the road from me, hope this is not the education their spooning out.

They can and will go after you if the speech in question is made on the radio or TV and might hurt someone's hears. Look up the ancient George Carlin skit where he uttered some unutterable words on the air and the aftermath. I believe the broadcaster was fined.

He allegedly "admitted" to what looks like ten counts or more, but since his special assessement was $200, he was only convicted of a single felony count. So, then, why ever would he have admitted anything else? That would be allocution, relevant conduct and further admitted behavior. When I plead out in February 2007, I admitted guilt on one count and all others were dismissed. I denied them (they were indeed false) and no one admits other behavior and gets done for one count.

According to the sentencing table, [goo.gl] assuming this is his first offense, his offense was Level 22. He got a standard three-point reduction for admission of guilt and the judge gave him the low end of Level 19. He will do 87.5% of it, (no parole in feds) a little more than 26 months. He'll go to halfway house in 23.

But he will not go to a Camp. His relevant conduct will affect his custody, and he will probably go to a Low (basically a Medium with cubicles instead of cells), perhaps even FCI Elkton in Ohio where I was. Not fun.

My suspicion is whether he really admitted all those other counts, or this is journalistic excess.

He allegedly "admitted" to what looks like ten counts or more, but since his special assessement was $200, he was only convicted of a single felony count. So, then, why ever would he have admitted anything else? That would be allocution, relevant conduct and further admitted behavior. When I plead out in February 2007, I admitted guilt on one count and all others were dismissed. I denied them (they were indeed false) and no one admits other behavior and gets done for one count.

According to the sentencing table, [goo.gl] assuming this is his first offense, his offense was Level 22. He got a standard three-point reduction for admission of guilt and the judge gave him the low end of Level 19. He will do 87.5% of it, (no parole in feds) a little more than 26 months. He'll go to halfway house in 23.

But he will not go to a Camp. His relevant conduct will affect his custody, and he will probably go to a Low (basically a Medium with cubicles instead of cells), perhaps even FCI Elkton in Ohio where I was. Not fun.

My suspicion is whether he really admitted all those other counts, or this is journalistic excess.

You know, you can look it up in PACER...;) It's northern district of Ohio, case no. 10-cr-00216. He plead guilty to "counts 1 and 2" of the information (which I can't load, it's restricted).

This is from the *defense* counsel's sentencing brief: "Mitchell Frost . . . knowingly transmitted computer programs, codes, commands, and information which caused an interruption and otherwise disruption of vulnerable internet web sites, obtain passwords, account information, and other identifying information, causing a loss in excess of $5000.00. Through the use of mal-ware, Mitchell Frost also during this time knowingly possessed 15 or more counterfeit or unauthorized access devices, including 136 credit card accounts, PINs, and security codes, and close to 3000 user names and passwords for various computer systems or networks."

He got self-surrender, which suggests to me he may get a camp; he's serving less than 120 months, didn't get convicted of fraud involving telephones, and is otherwise not a security risk (deportable alien, etc)...

I suppose it's possible, but one's morals get strained when the choice is 30 months versus 35 years. Counts are cumulative in feds, so go down the table twenty levels and tell me about "facing punishment for your actions." Shouldn't that punishment be just and fair?

If he would have gotten less or even nothing when he would have chosen another side of the political spectrum - if there is such a thing on US news media?

MSNBC and Comedy Central tend to lean left of center. It's odd that people would make these types of remarks about political motivations when the left is currently in power. Who, exactly, is subverting the process now? Obama? Reid?

Because NOTHING says "fair and open discourse" like blowing people whose opinions you dislike off the net in a great gale of "Shut The Fuck Up".

I'm not saying I agree with some of these people he DOS'ed, hell, some of them I dislike INTENSELY. But these are the actions of someone who has so little confidence in their own point of view that they have to try and make sure theirs is the ONLY one available.

Frost admitted using the compromised machines to spread malware and harvest data from the compromised systems, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.

Some people might simply sniff and look the other way for "unauthorized access". But the minute you bring "stealing credit cards n

Both sides of the political divide in the US have members who are desperate to win no matter what it takes - it's not surprising at all that people resort to dirty tricks, on both side. I'd also expect the confirmation bias to lead to differing perceptions - conservatives will believe it's mostly liberals who would resort to criminal activity to disrupt an opponents campaign, while liberals will believe exactly the same about conservatives. It's just another example of how US politics are less like a seriou

"A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release, and an almost certainly non-lethal tazing : ). Risking no proper job, no mortgage ever. That'll teach him not to fuck with several prominent conservative figures".

Although I think I understand the gist of your post, florid as it might be, and agree freedom of speech must cut both ways, I don't think the thirty months is all the trouble he's in.

I concur. Like a spammer, he should suffer a penalty proportional to the crime. So, how many computers did he use in the DDOS attack, and what's the statutory penalty for fraudulent/unauthorized use of a computer?

Add them up, and he should probably do a couple of centuries of jail time.

But you wanna see the system freak out? Show the people with money and clout that the system has holes, that there are people who can do things with technology that they don't understand.

OK, it's really not just a tech thing. Both our statutory punishments and our sentencing is messed up in this country. Unfortunately, it's in no small part because we're quite simply very very stupid about the issue politically: we like to vote for people who are "tough on crime," so I don't expect a lot of change.

* May not apply if you're not a police officer.** May not apply if you're not wealthy.

Money and connections always have been a way to arrange a harsh sentence. It's nothing new in today's legal system - I imagine it goes back millenia. Steal a bucket from the local peasant, get locked up a few days. Steal the bucket with a hole it in from the scrap-heap of the baron, and face execution just on a matter of princible to make sure everyone knows who is on top of the social order.

I find it odd how the constitution seems to mention nothing about unprotected speech and yet people act as if this is normal. Actually, no, that's not odd. That's just the ancient tradition of government corruption kicking in.

Are you serious? Free speech allows him to write his own website, it doesn't allow him to break theirs. Whether or not actual damages were inflicted is a different issue, much like "Attempted Murder" is just as much a crime as "Murder". The difference is in the punishment.

It pains me to see people honestly think that limiting other peoples speech is protected as free speech.

The above is not a subtle point at all. "sit ins" are by and large not legal at all. Think Abortion center protests. You can protest them, but you can't be a public disturbance, you can't be on their property, and you can't block people from access to the clinic. This is just what he did, he (attempted a) block of the websites, because he didn't agree with them. Instead of using his right to free speech to debate them, he decided to put his political feelings above others rights (free speech, right to assemble(people reading the sites), etc...)

Does the punishment fit the crime? maybe, maybe not, but this wasn't a protest, this wasn't a comment on some forum, This was a premeditated multivector attack on both the rights and the property of others. Just because he failed at it, or did it with a computer doesn't make it less wrong or illegal.

It pains ME to see an ideologue debase a basic free speech issue iinto another stupid liberal/conservative diatribe..

Those MORONS think the whole world revolves around their artificial bullshit dichotomy.

Reduce the world to liberal/conservative and you reduce choices. Reduce choices and you reduce freedom.

It is ALL about the power of Big Capital. It frames the dialog, and the lemmings folllow.

Well, Big Capital is one half of it. The other half of it is a public school system that takes great pains to never teach the basic logic, rhetoric, and critical thinking necessary to see that for yourself. Without that, many people would divest from the various sources of Big Capital and it wouldn't be Big Capital anymore.

Where's the line between a DDoS against a political site and "protected free speech"?

I'd say the line is the use of other people's property without their consent. This is the same issue as spamming. His right to express himself doesn't include a right to use anyone else's property to do so.

Sit-ins are extensively used today all over the world, but curiously almost exclusively by the "left" of the respective country.

But the fact that they are so heavily used everywhere by people who proclaim themselves to be people's or peace activists doesn't exactly make it any more peaceful or respectable.

Sit-ins are peaceful only in a way that it doesn't punch people in the face. Other than that, they're more often than not illegal, that is, trampling someones right to move or use their property, not only

Of course right-wingers *NEVER* do anything like this. Newsflash: Some people are assholes, and some just hide behind AC status.

They should start saying things like this in the summary, that way we don't have to see this come up like clockwork every single time the word "Liberal/Progressive" or the word "Conservative" is mentioned. Really it could save a lot of bandwidth.

Well, then you should realize that there are more elements in parallel than what you listed. Add also all the anti-religion and anti-God rhetoric and the "reason is all we need" kind of logic that is also prevalent today. Then look at the outcome. After the mob slaughtered all their bosses they turned on each other and slaughtered each other because each of the factions in the mob thought the other factions weren't politically correct.

History shows us that if we fail to learn from it we are doomed to rep